Vehicle security is about much more than just physical security. With vehicles integrating increasingly intelligent technology, connected vehicle cyber security testing is now a mandatory requirement for each and every automotive manufacturer.
Vehicle cyber security issues can be significant and in many cases impact personal safety. Criminals are using increasingly sophisticated attacks to steal vehicles, and compromise systems, privacy and safety.
Modern vehicles offer many entry points for an attacker. USB connections, connected entertainments systems, advanced navigation capabilities, wireless systems and mobile apps all represent security risks which offer the opportunity for vehicles to be compromised both locally and remotely.
Addressing GDPR in connected vehicles
Connected vehicles often measure and store telemetry which includes personal data and mobile applications invariably have vehicle tracking capabilities. It's likely that such data will be in scope for the upcoming General Data Protection Regulation (GDPR), meaning a vehicle breach could have significant repercussions for the manufacturer.
Standards for Vehicle Cyber Security
There are currently no commonly accepted standards for vehicle cybersecurity, however, this is likely to change.
Nettitude, a member of the Lloyd’s Register group, are closely following ISO 26262. This standard is titled “Road Vehicles – Functional Safety” and applies to the functional safety of electric systems in production automobiles. It is likely that version two of the standard, which is in development, will address the issue of cybersecurity.
Likewise, J3061 by SAE is a standard in development for cyber-physical vehicle systems which Nettitude consider to be a useful resource.
Between these work in progress standards and Nettitude's own experience and expertise, the Lloyd’s Register group is able to provide leading connected vehicle assurance services.
Connected vehicle cybersecurity services
Nettitude has a wealth of experience assessing the security posture of a connected vehicle. Specifically, we focus on:
- Design flaws
- Specification flaws
- Implementation flaws
The approach varies depending on the requirement, but we recommend including all components of the connected vehicle system, assessing:
- Dynamic analysis, including fuzzing and manual probes
- Static analysis, including code review and coding standard review
- Unit testing, hardware testing, integration testing
- Using a white box approach where maximum information sharing occurs
This mix of architectural, procedural and implementation reviews allows maximum levels of assurance. Nettitude has discovered critical vulnerabilities in connected vehicle systems and has worked with global automotive manufacturers for a number of years.
IATF 16949:2016 Certification
For the automotive and engineering sectors, where safety and quality are basic requirements, IATF 16949:2016 certification with Lloyd's Register demonstrates your commitment to compliance and best practice to your most important stakeholders. Managing global supply chains effectively and developing more sustainable operations are also areas where our sector-specific expertise can help you reduce risks and improve performance.
Who we work with
We help businesses across dozens of sectors push forward and achieve like never before. How can we help you?